Vulnerability Name:
CVE-2008-1588 (CCN-43732)
Assigned:
2008-07-11
Published:
2008-07-11
Updated:
2022-08-09
Summary:
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
4.3 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.2 Low
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.2 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-20
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-1588
Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-07-11
Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-06-08-1
Source: CCN
Type: SA31074
Apple iPhone / iPod touch Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
31074
Source: CCN
Type: SA35379
Apple Safari Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
35379
Source: CCN
Type: Apple Web site
About the security content of iPhone v2.0 and iPod touch v2.0
Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3613
Source: CCN
Type: OSVDB ID: 47286
Apple Safari on iPhone / iPod touch Unicode Ideographic URL Spoofing Weakness
Source: BID
Type: UNKNOWN
30186
Source: CCN
Type: BID-30186
Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
Source: VUPEN
Type: UNKNOWN
ADV-2008-2094
Source: VUPEN
Type: UNKNOWN
ADV-2009-1522
Source: XF
Type: UNKNOWN
ipod-iphone-addressbar-spoofing(43732)
Source: XF
Type: UNKNOWN
ipod-iphone-addressbar-spoofing(43732)
Vulnerable Configuration:
Configuration 1
:
cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
AND
cpe:/a:apple:safari:*:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.2:-:mac:*:*:*:*:*
AND
cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:0.8:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:4.0:beta:*:*:*:*:*:*
OR
cpe:/a:apple:safari:0.9:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
apple
iphone os 1.0.2
apple
iphone 1.0
apple
ipod touch 1.1.2
apple
iphone os 1.1.1
apple
iphone 1.1.4
apple
iphone 1.1.3
apple
ipod touch 1.1
apple
iphone os 1.1.2
apple
iphone os 1.0.1
apple
ipod touch 1.1.3
apple
iphone 1.02
apple
ipod touch 1.1.4
apple
ipod touch 1.1.1
apple
safari *
apple
iphone 1.0
apple
iphone 1.1.2
apple
iphone 1.1.3
apple
iphone 1.0.1
apple
iphone 1.0.2
apple
iphone 1.1.1
apple
ipod touch 1.1
apple
ipod touch 1.1.1
apple
ipod touch 1.1.2
apple
iphone 1.1.4
apple
ipod touch 1.1.3
apple
ipod touch 1.1.4
apple
safari 3.0.2 -
apple
safari 2.0.2
apple
safari 2.0.4
apple
safari 3.0.1
apple
safari 3.0.2
apple
safari 3.0.3
apple
mac os x 10.4.11
apple
mac os x server 10.4.11
apple
safari 3.1
apple
safari 1.3.1
apple
safari 1.3
apple
safari 1.2
apple
safari 1.1
apple
safari 1.0
apple
safari 2.0
apple
safari 3.0
apple
safari 3.0.4
apple
safari 3.1.1
apple
safari 3.1.2
apple
safari 3.2
apple
safari 3.2.1
apple
safari 3.2.2
apple
mac os x 10.5.7
apple
mac os x server 10.5.7
apple
safari 1.0.3
apple
safari 1.3.2
apple
safari 0.8
apple
safari 3.2.3
apple
safari 4.0 beta
apple
safari 0.9
Denotes that component is vulnerable